fputs($dbgDuo, "\nNb of entries in log: " . mysqli_num_rows($resData));
while ($record = mysqli_fetch_array($resData)) {
fputs($dbgDuo, "\n> " . $record['raison']);
if (!empty($record['raison_iv']) && $record['raison_iv'] != NULL) {
// nothing to do
fputs($dbgDuo, "Item log correct");
} else {
// only at_modif and at_pw
$reason = explode(' : ', $record['raison']);
if (trim($reason[0]) == "at_pw") {
// check if pw encrypted with protocol #2
$pw = decrypt(trim($reason[1]));
fputs($dbgDuo, "\n/ step1 : " . $pw);
if (empty($pw)) {
// used protocol is #1
$pw = decryptOld(trim($reason[1]));
// decrypt using protocol #1
fputs($dbgDuo, " / step2 : " . $pw);
}
// get key for this pw
$resData_tmp = mysqli_query($dbTmp, "SELECT rand_key FROM " . $_SESSION['tbl_prefix'] . "keys\n WHERE `sql_table` = 'items' AND id = " . $data['id']) or die(mysqli_error($dbTmp));
$dataTemp = mysqli_fetch_row($resData_tmp);
if (!empty($dataTemp[0])) {
// remove key from pw
$pw = substr($pw, strlen($dataTemp[0]));
}
fputs($dbgDuo, " / step3 : " . $pw);
// store new encryption
if (isUTF8($pw) && !empty($pw)) {
$encrypt = cryption($pw, SALT, "", "encrypt");
fputs($dbgDuo, " / Final : " . $encrypt['string']);
if (isUTF8($pw)) {
// store Password
DB::update(prefix_table('items'), array('pw' => $encrypt['string'], 'pw_iv' => $encrypt['iv']), "id = %i", $data['id']);
}
}
} else {
// COMPLETE RE-ENCRYPTION
$personal_sk = $_SESSION['my_sk'];
// get data about pw
$data = DB::queryfirstrow("SELECT id, pw, pw_iv\n FROM " . prefix_table("items") . "\n WHERE id = %i", $_POST['currentId']);
if (empty($data['pw_iv'])) {
// check if pw encrypted with protocol #2
$pw = decrypt($data['pw'], $_SESSION['my_sk']);
if (empty($pw)) {
// used protocol is #1
$pw = decryptOld($data['pw'], $_SESSION['my_sk']);
// decrypt using protocol #1
} else {
// used protocol is #2
// get key for this pw
$dataItem = DB::queryfirstrow("SELECT rand_key\n FROM " . prefix_table("keys") . "\n WHERE `sql_table` = %s AND id = %i", "items", $data['id']);
if (!empty($dataItem['rand_key'])) {
// remove key from pw
$pw = substr($pw, strlen($dataTemp['rand_key']));
}
}
// encrypt it
$encrypt = cryption($pw, $personal_sk, "", "encrypt");
// store Password
DB::update(prefix_table('items'), array('pw' => $encrypt['string'], 'pw_iv' => $encrypt['iv']), "id = %i", $data['id']);
} else {
} else {
//settings.php file doesn't exit => ERROR !!!!
echo 'document.getElementById("res_step5").innerHTML = ' . '"<img src=\\"../includes/images/error.png\\"> Setting.php ' . 'file doesn\'t exist! Upgrade can\'t continue without this file.<br />' . 'Please copy your existing settings.php into the \\"includes\\" ' . 'folder of your TeamPass installation ";';
echo 'document.getElementById("loader").style.display = "none";';
}
break;
case "new_encryption_of_pw":
$finish = false;
$next = $_POST['nb'] + $_POST['start'];
$dbTmp = mysqli_connect($_SESSION['db_host'], $_SESSION['db_login'], $_SESSION['db_pw'], $_SESSION['db_bdd'], $_SESSION['db_port']);
$res = mysqli_query($dbTmp, "SELECT * FROM " . $_SESSION['tbl_prefix'] . "items\n WHERE perso = '0' LIMIT " . $_POST['start'] . ", " . $_POST['nb']) or die(mysqli_error($dbTmp));
while ($data = mysqli_fetch_array($res)) {
// check if pw already well encrypted
$pw = decrypt($data['pw']);
if (empty($pw)) {
$pw = decryptOld($data['pw']);
// if no key ... then add it
$resData = mysqli_query($dbTmp, "SELECT COUNT(*) FROM " . $_SESSION['tbl_prefix'] . "keys\n WHERE `sql_table` = 'items' AND id = " . $data['id']) or die(mysqli_error($dbTmp));
$dataTemp = mysqli_fetch_row($resData);
if ($dataTemp[0] == 0) {
// generate Key and encode PW
$randomKey = generateKey();
$pw = $randomKey . $pw;
}
$pw = encrypt($pw, $_SESSION['session_start']);
// store Password
mysqli_query($dbTmp, "UPDATE " . $_SESSION['tbl_prefix'] . "items\n SET pw = '" . $pw . "' WHERE id=" . $data['id']);
// Item Key
mysqli_query($dbTmp, "INSERT INTO `" . $_SESSION['tbl_prefix'] . "keys`\n (`table`, `id`, `rand_key`) VALUES\n ('items', '" . $data['id'] . "', '" . $randomKey . "'");
} else {
// if PW exists but no key ... then add it
$rows_tmp = DB::query("SELECT role_id FROM " . prefix_table("restriction_to_roles") . " WHERE item_id=%i", $_POST['id']);
$myTest = 0;
if (in_array($_SESSION['user_id'], $rows_tmp)) {
$myTest = 1;
}
// Uncrypt PW
if (isset($_POST['salt_key_required']) && $_POST['salt_key_required'] == 1 && isset($_POST['salt_key_set']) && $_POST['salt_key_set'] == 1) {
$pw = decrypt($dataItem['pw'], mysqli_escape_string($link, stripslashes($_SESSION['my_sk'])));
if (empty($pw)) {
$pw = decryptOld($dataItem['pw'], mysqli_escape_string($link, stripslashes($_SESSION['my_sk'])));
}
$arrData['edit_item_salt_key'] = 1;
} else {
$pw = decrypt($dataItem['pw']);
if (empty($pw)) {
$pw = decryptOld($dataItem['pw']);
}
$arrData['edit_item_salt_key'] = 0;
}
if (!isUTF8($pw)) {
$pw = '';
}
// extract real pw from salt
if ($dataItem['perso'] != 1) {
$dataItemKey = DB::queryfirstrow('SELECT rand_key FROM `' . prefix_table("keys") . '` WHERE `sql_table` = %s AND `id` = %i', "items", $_POST['id']);
$pw = substr($pw, strlen($dataItemKey['rand_key']));
// if error getting substring, then must be a blank password
if ($pw === false) {
$pw = "";
}
}
